STM fare vulnerability is bigger than you think

La Presse on Wednesday had a story that discussed an apparent flaw in the new smart-card fare system being used by the STM and other transit agencies in Quebec. The story concluded (with Journal-de-Montréal-style undercover anecdotal investigation) that people could make use of this flaw to get free transit rides. The Gazette matched the story within hours.

Here’s how it works: Users take the paper/magnetic cards that are distributed as tickets, transfers and proof of payment on buses and in the metro, and bend them to make the magnetic strip unreadable. When the cards are placed into magnetic readers, it produces an error. The STM personnel are instructed to let the people through, even though no fare has been deducted from their card.

Of course, there’s nothing new here. We’ve known about how easily the magnetic strip can be rendered unreadable for months now, among all the other problems inherent in this card. And people have been attacking the fare payment system through its most vulnerable part – the employees – for a long time now. The computerized fare system just makes this easier.

What this story shows are the two major problems with the way the STM (and other transit networks) deal with fares. One is new, the other is old.

1. The new fare systems are not human-readable. The previous modes of fare payment all could be verified by a human employee simply looking at them. Even the punch-card transfers given out by bus drivers had a timestamp printed on them.

The new magnetic card has information printed on the back about how many fares have been deducted and how many are remaining, but there is no way for a driver to manually deduct a fare from them (this will become an issue if and when multiple-use disposable cards come back – The Gazette’s article says these cards will be phased out in June, but I think the writer is confusing them with the old system which is being phased out).

The Opus card is even worse. There is no way to tell without a card reader how many fares remain on the card. There is no way to manually deduct a fare. And a bus driver can’t simply throw away a bad Opus card and issue a new one.

2. No one forces you to pay your fare. This problem, which has existed since the beginning, really leads to all the others. Bus drivers are specifically instructed never to leave their seat while a bus is in service. If people get on and refuse to pay, they’re just let through. The alternative – a potentially physical confrontation between a bus driver and a hostile passenger – is to be avoided at all costs.

The metro is a bit better, with physical barriers in place, but jumping a turnstile is only going to get you in trouble if the cops are nearby.

Sure, there are fines of hundreds of dollars for people who refuse to pay their fares, but bus drivers and metro ticket-takers aren’t empowered to give them. Only when a security agent or police officer is present do these tickets get issued (and nobody’s stupid enough to refuse to pay a fare when a uniformed agent is around).

Some transit systems such as the AMT get around this with a proof-of-payment system. In these systems, fares are checked at random by officers with the power to issue tickets. You can take the train for free, but eventually you’ll get caught and face a hefty fine. The STM is moving to this system with the new cards, but won’t be able to implement it until June when the old system has finished being phased out. They’ve also promised to post agents on buses, but the ratio of agents to buses needed to seriously cut down on fraud is far higher than would be financially feasible.

Sure, the fare system is flawed, but it has nothing to do with bending a magnetic strip.

19 thoughts on “STM fare vulnerability is bigger than you think”

((
The Opus card is even worse. There is no way to tell without a card reader how many fares remain on the card. There is no way to manually deduct a fare. And a bus driver can’t simply throw away a bad Opus card and issue a new one.
))

With readers everywhere, there’s no reason to panic about the amount of tickets left on an OPUS card. And anyone who can count to 6 can mentally note how much they have left.

I read a stat that said only 0.01% of transactions with OPUS have been problematic.

OPUS is MUCH better than the STM’s magnetic card.

Additionally, I find it funny that the media is attacking the technology and then states that the problem is with the drivers admitting people on board without paying. THERE’S THE PROBLEM! If the magnetic card is bent or is otherwise unreadable YOU DON’T GET ON THE BUS! It’s as simple as that.

The problem isn’t the lack of readers. It’s that if the Opus card fails electronically, it’s useless. When the old plastic monthly passes got demagnetized, you could still pass through by showing them to a human, and you could get it exchanged for a new one.

It’s still unclear how the Opus system will deal with such failures.

Not to mention what happens if the reader itself fails on a bus. Last time I saw that happen, the driver just waved everyone through and nobody paid a fare.

Additionally Alex, have you ever been to a metro station and seen the lineups to use the readers? McGill, Vendome, Cote-Vertu – these stations (and others) all have ridiculously long lineups of people needing to use the machines, esp. during rush hour, but even sometimes during hours that would be considered off-peak ….if you’ve got a number of fares left on your card, it’s entirely possible to forget how many fares remain: believe it not, people use the transit system in a myriad number of ways, transferring from bus to metro to bus multiple times in a course of a day/week. Why implement a system that doesn’t immediately notify the card user the amount of money/number of fares remaining, as in New York’s MTA, or many transit systems in Europe?

I totally agree with the human side, it’s going to be a problem. But what I really hate is that although they don’t say it’s the main reason, the system is in place to prevent fraud. They never claim it’s the main goal but you always see fraud reduction listed in the benefits.

Cutting down fraud is good for the STM, not for us. I couldn’t care less how crappy or good their system is. Yes in the end we might pay less if fraud goes down as the STM will get money money. However, cutting down on fraud doesn’t mean that the user has to pay extra. What’s the logic behind this? We are forced to pay 3.5$ for a card which will help the STM make more money? I just don’t get it. We should have a dollar off every month or something like that for being a good citizen and using the opus card. We should not be scammed.

Overall, I feel like this system was built by amateurs with no previous experience.

Demagnetizing a smart card is more difficult that we can appreciate. There’s an ID number on the card to identify it in the database to recuperate the fares were the card to become damaged.

If a card reader terminal on a bus becomes damaged of course the users will be let on board, anything else would cause riots. Now once the transition period is over I’d like to see how often they do fail.

Plus lamenting the ways humans can workaround a system of payment, is pointless. To make a system that is fraud proof would render it unmanageable by its shear complexity. It would frustrate the users and the administrators of the system.

@Gerard:
That’s just because people wait until the last minute to load up their OPUS (or buy their CAM, TRAM, whatever). I calculated that the average user goes buy a Point of Sale 20 times between the 20th and month end. Surely one of those doesn’t have long lineups. I reload whenever there’s no one at the reader, I don’t wait until the 29th, 30th, 31st. Again, no problem with the system, just people’s mentalities to delay the purchase until the very last minute. As for notification, as soon as you board a bus or metro it shows you how many trips you have left on your card.

@Denis:
The system was implemented to reduce fraud and in fact has saved the STM 4 million dollars in fraud in the first few months (this was according to a news report I saw in July) which is repeated in the above mentioned LaPress article:

Cutting down on fraud is good for the average user. Because the average user who pays their fare, doesn’t have to pay more for fraud prevention. (OK, there’s the $3.50 for the actual card which the STM insists it’s only for production of the card. With an OPUS card being valid for 4 years (adult) that brings the cost of an OPUS to a whopping 7 cents per month!) And just think about what the STM and other transit agencies can do with 20 million dollars more.

Europe has had honour fare systems for decades, and it works well. Heck, AMT commuter trains have had that for more than 10 years.

Frequent controls with teeth **WILL** deter fare cheaters.

However, the ticketting technology must be up to the challenge. Many times I took the commuter train only to find the ticket vending machines frozen, jammed, broken or the display totally unreadable.

Several times, when I saw the fare inspectors, I went to them and I told them outright I could not get a ticket because the machine was frozen/jammed/broken/unreadable, and every single time they let me off.

Is it worthwile to get your face punched for a mere cash fare? I don’t think so, and the union is also right to think that way, too.

Currently, the STM is hiring fare inspectors en masse (drooling thugs need not apply – you need a national police institute diploma to apply); from what I understand, they are to be deployed on buses as well; right now, when someone refuses to pay a fare on the bus, the driver enters a code on the bus computer; the exact location and time is logged, and if a repeat pattern can be discerned, undercover inspectors are dispatched on the bus to catch the culprit.

* * *

Yes, it is irksome to charge $3.50 for the card. On this respect, they have failed. And the card readers could have been made vertical, with a greater range, so you could just brush your pocket against it, instead of having to stop and push it against the top of the reader.

* * *

Of couse, you cannot assume fraud for every folded ticket! This would go against centuries of legal jurisprudence. However, the farebox could be programmed to allow the driver to re-issue a new, valid cancelled ticket/transfer when someone shows-up with a dud.

Maybe this will bring back the good old “do not fold, spindle or mutilate” of yesteryear… :) :) :) :)

Sorry about the technical lingo, but in regards with the folding issue, the information on the back should be replicated many times all along the magnetic stripe, allowing the data to be written at multiple places. The system would simply reject the scrambled data where the crease is and use the data either at the beginning or the end of the ticket. Of course, you could make an accordion and break the system but then it would really be your fault.

This is very basic stuff and is used all the time in various applications. The system must be able to sustain basic errors like these. A scratch on a DVD won’t turn it instantly into a beer coaster. Multiple scratches might eventually. I’m sure you see the point. The tickets are so big that they have no choice but to handle these problems.

Remember, the OPUS system is only partially rolled out. The forthcoming ability to maintain a minimum fare or refill your account online should reduce lineups. The pre-rollout press suggested that the prospect of this sort of account management was integral to the decision to pursue a London- or Hong-Kong-style card.

Meanwhile, the magentic card problem can be easily resolved. If the card has been damaged, bus drivers should allow the passenger on to the bus, but they should confiscate the damaged card. A replacement transfer can be issued by the driver. Simple and easy, no?

I rode a late crowded bus at rush hour today, and when people packed-in the bus at a Métro station, the driver simply put his hand on the reader and waved off the people, not letting them put their card on the readers to speed-up boarding as the reader was too slow to let the people in…

This is a serious issue, if someone with a card with “tickets” on it boards, he won’t be charged for the ride, and this because the driver want to speed-up boarding.

The other problem with drivers not taking fares/swiping cards is it doesn’t give an accurate number of the amount of passengers on the bus for that time of day. I’m assuming the STM uses this information to know how many people are riding the bus at certain times of day and will add more buses accordingly.

Who knows Steve, but the transactions are tallied in some way or another. Maybe they are transferred wireless once the the bus gets back to the garage, maybe they are manually downloaded. This means the system isn’t in real time, but they are tallied.